This article will help you enable Pacemaker, DRBD, and LINSTOR communications through firewalld.
The Pacemaker stack and its components have a service file that ships with firewalld. You can enable Pacemaker/Corosync/DLM communication through the firewall using that service file like so:
# firewall-cmd --permanent --add-service=high-availability
# firewall-cmd --reload
DRBD® does not have a firewalld service file upstream, so you must specify the port range you're using for DRBD configurations:
# firewall-cmd --permanent --add-port=7788-7799/tcp
# firewall-cmd --reload
LINSTOR® also does not have a firewalld service file upstream, so you will need to specify ports for its various components. It also provisions DRBD devices using a default port range starting at port 7000:
# firewall-cmd --permanent --add-port=3376/tcp # Controller port
# firewall-cmd --permanent --add-port=3370/tcp # Controller REST API port
# firewall-cmd --permanent --add-port=3366/tcp # Satellite port
# firewall-cmd --permanent --add-port=7000-7999/tcp # DRBD port range
# firewall-cmd --reload
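The commands above open the ports in the default zone to any source address. As an added example (not part of the original article), this script prints the equivalent commands for a dedicated firewalld zone bound to the cluster peers only; the zone name drbdcluster and the peer addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): print firewall-cmd commands that open
# the article's ports only to listed cluster peers via a dedicated zone.
# The zone name and peer addresses are assumptions supplied by the caller.

# Port list taken from the article's commands.
CLUSTER_PORTS="7788-7799/tcp 3376/tcp 3370/tcp 3366/tcp 7000-7999/tcp"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# cluster_fw_rules ZONE PEER...: validate input, then print the commands.
# Nothing is executed; review the output before running it as root.
cluster_fw_rules() {
    [ "$#" -ge 2 ] || { echo "usage: cluster_fw_rules ZONE PEER..." >&2; return 2; }
    zone=$1; shift
    case "$zone" in
        *[!A-Za-z0-9_-]*|'') echo "invalid zone name: $zone" >&2; return 2 ;;
    esac
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --new-zone=$zone"
    for peer in "$@"; do
        echo "firewall-cmd --permanent --zone=$zone --add-source=$peer"
    done
    echo "firewall-cmd --permanent --zone=$zone --add-service=high-availability"
    for port in $CLUSTER_PORTS; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$port"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample peers from the 192.0.2.0/24 documentation range.
cluster_fw_rules drbdcluster 192.0.2.11 192.0.2.12
```

firewalld matches traffic from a bound source address to this zone before the interface's zone, so add any other service the peers need (for example ssh) to it as well.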
Reviewed 2020/12/01 – DGT